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COPY PROTECTION OF DIGITAL IMAGES 
TRANSMITTED OVER NETWORKS 

This application is a division of commonly -owned U.S. 
application Sen No. 09/397,331, filed on Sep. 14, 1999, 5 
entitled "Method and System for Copyright Protection of 
Digital Images Transmitted Over Networks," which is a 
continuation-in-part of U.S. application Ser. No. 09/313, 
067, filed May 17, 1999, entitled "Methods And Apparatus 
For Preventing Reuse of Text, Images And Software Trans- 10 
mitted Via Networks." 

FIELD OF THE INVENTION 

The present invention relates to copyright protection of ^ 
digital data. 

BACKGROUND OF THE INVENTION 

Software copyright protection is a central concern in 
software development, and in copyright law itself. Typically, 20 
software is distributed in shrink-wrap packages containing 
diskettes and/or CD-ROMs, and over the Internet via ftp 
servers. Protecting software from rampant unauthorized 
copying, distribution and use ("software piracy") is one of 
the most challenging problems facing the software industry. 25 

Over the past years, several techniques have been devel- 
oped for combating software piracy. These include use of 
hardware plugs, use of license keys, use of tokens and 
sophisticated encryption systems. 

One of the leading technologies for controlling use of 
software within turnkey transaction systems is the Digital 
Rights Management system of InterTrust® Technologies 
Corp. of Sunnyvale, Calif., as described in U.S. Pat. Nos. 
5,892,900, 5,410,598, 5,050,213, 4,977,594 and 4,827,508. 35 
Information about InterTrust is available on the web at 
http://www.intertrusl .com . 

Another such leading technology is the CyberSales Solu- 
tion™ of SoftLock.com, Inc. of Maynard, Mass., as 
described in U.S. Pat. No. 5,509,070. CyberSales Solution ^ 
provides locking and unlocking functionality so that content 
can be securely previewed by consumers, electronically 
purchased and redistributed, and it protects the content in an 
initial transaction and in subsequent information pass-along. 
Content providers can control how much information is 45 
available without paying, and disable, or additionally charge 
for, the ability to print or cut and paste. CyberSales Solution 
handles secure transactions, remittance processing, reports, 
audits and customer service. Information about CyberSales 
Solution is available on the web at http://www.softlock.com. 50 

With the advent of the use of compelling multi-media on 
web pages accessible over the Internet, protection of digital 
images and other media is becoming increasingly critical. 
Web designers are reluctant to use valuable digital "works of 
art" knowing that users can easily copy them onto their own 55 
computers, and use them for their own unauthorized pur- 
poses. Moreover, anyone using a web browser to view an 
image posted on the Internet can easily copy the image by 
simply positioning a mouse pointer over the displayed 
image, clicking on the right mouse button and selecting a go 
"Save Image As ... " command. Copyright and piracy issues 
are major problems for web publishers. 

Prior art techniques for protecting digital images include 
the embedding of invisible digital watermarks within 
images, so that copies of protected images can be traced. 65 
Digimarc Corporation of Lake Oswego, Oreg. embeds hid- 
den messages within pixel data for identifying protected 



,892 B2 

2 

images, and tracks their distribution over the Internet to 
monitor potential copyright infringement. Digimarc images 
carry unique IDs that link to pre -determined locations on the 
web. Digimarc images are compatible with standard image 
formats, such as JPEG, and can be opened and displayed by 
standard image readers. However, when opened with a 
Digimarc reader, the images are displayed together with a 
"Web look up" button that enables a user to identify the 
sources of the images. Digimarc technology is described in 
U.S. Pat. Nos. 5,862,260, 5,850,481, 5,841,978, 5,841,886, 
5,832,119, 5,822,436, 5,809,160, 5J68,426, 5,765,152, 
5,748,783, 5,748,763, 5,745,604, 5,721,788, 5,710,834 and 
5,636,292. Information about Digimarc is available on the 
web at http://www.digimarc.com. 

These techniques are useful in thwarting digital image 
piracy to the extent that they trace pirated content, but they 
do not prevent unauthorized copying of digital images in the 
first place. 

Other prior art techniques require a webmaster to modify 
images residing on a server computer in order to protect 
them. The webmaster is also required to modify his web 
pages accordingly, so as to reference the modified images. 
SafeMedia™ is a software product of Internet Expression, 
Inc. of Exton, Pa. that converts images from a standard 
format such as JPEG into SIF (Safe Image Format). SIF 
images can only be viewed with a SafeMedia Java viewer, 
SafeMedia embeds a host or domain name into an image, 
and checks that the image is located on the web site it was 
intended for. SafeMedia also includes enhanced system 
control for preventing screen capture by disabling a clip- 
board. Information about SafeMedia is available on the web 
at http://www.safemedia.com. 

These techniques are difficult to embrace, since they 
require modification of all protected images on the web, as 
well as modification of the web pages that reference them. 
Furthermore the SIF Java viewer has the limitation of only 
being able to load images from the same server that the 
viewer came from. 

Other prior art techniques for protecting digital images 
use Java applets within web browsers to disable the menu 
that pops up when a user right clicks on a displayed image 
within his web browser. Copysight® is a software applica- 
tion of Intellectual Protocols, LLC of Nanuet, N. Y. that uses 
digital watermarking and fingerprinting to protect images, 
and includes a Java applet that disables the ability to save 
displayed images within a web browser and the ability to 
print them. Copysight operates by converting unprotected 
files to protected files that are encrypted and that contain 
digital fingerprints. Copysight also tracks distribution of 
protected images across the Internet, and issues reports of 
potential copyright infringement. It allows a web adminis- 
trator to select which files are to be protected. Information 
about Copysight is available on the web at http:// 
www.ip2.com. 

These techniques disable unauthorized copying of digital 
images from within web browsers, but they do not protect 
the images from being copied by an application external to 
the web browser. For example, they do not prevent a user 
from copying digital images displayed in his web browser 
by means of an application running external to the web 
browser, such as an image editing tool, or by means of a 
Print Screen or other such command that serves to copy 
contents of a video buffer to a clipboard. Thus a Java applet 
that prevents unauthorized copying of digital images from 
within Netscape Communicator or Internet Explorer can be 
circumvented by a user pressing on a Print Screen button of 
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his keyboard, or by a user copying and pasting from a fled layout page from the original layout page by replacing 

window of his web browser to a window of another software at least one of the references to digital images in the original 

application. layout page with references to substitute data, and a trans- 
mitter sending the modified layout page to the client com- 

SUMMARY OF THE INVENTION 5 putcr 

The present invention provides a method and system for There is moreover provided in accordance with a pre- 

enabling a user to view protected image data using his web ferred embodiment of the present invention a system for 

browser without being able to copy it. The slogan "Look but protecting files distributed over a network, including a user 

Don't Touch™" has been adopted to describe the feature of interface displaying a list of files, a protection status man- 

the present invention that enables a user to view content i° ager generating protection status information in response to 

without being able to copy it into his computer. selection by a user of at least one of the files in the list of 

The present invention is distinct from prior art methods in files, and a transmitter sending the protection status infor- 

several respects. A first distinction is that the present inven- mation to a server computer. 

tion displays an image to a user without downloading There is additionally provided in accordance with a 

unmodified image data to the user's computer. Thus, unlike 15 preferred embodiment of the present invention a method for 

software piracy techniques that protect an original copy of protecting digital images distributed over a network, includ- 

software from being illegally copied, the present invention ing the steps of receiving a request from a client computer, 

does not provide an original copy in the first place. submitting the request to a server computer, receiving an 

Asecond distinction is that the present invention prevents original layout page containing references to digital images 

a user from copying a protected image both from within and 20 therein from the server computer, parsing the original layout 

from without his web browser. Specifically, the present page for the references to digital images, generating a 

invention blocks copying of an image from within his web modified layout page from the original layout page by 

browser, when a user selects the "Save Image As ... " replacing at least one of the references to digital images in 

command and when a user prints the contents of a web the original layout page with references to substitute data, 

browser window. It also blocks copying of an image from 25 and sending the modified layout page to the client computer, 

without when a user presses the "Print Screen" button of his There is further provided in accordance with a preferred 

keyboard or attempts to copy from his web browser window embodiment of the present invention a system for protecting 

and paste onto a window of another application, or when a digital images distributed over a network, including a 

third party software application attempts to use the "Print receiver receiving a request from a client computer and 

Screen" command. 30 receiving an original layout page containing references to 

In a preferred embodiment, the present invention uses a digital images therein from a server computer, a transmitter 

software web server plug-in that fillers HTTP requests and submitting the request to the server computer and sending a 

sends substitute data, such as encrypted image data, for modified layout page to the client computer, a layout page 

requested image data that is protected. It also uses a software parser parsing the original layout page for the references to 

web browser plug-in for displaying the substitute data and digital images, and a layout page generator generating the 

for blocking the ability to copy protected image data being modified layout page from the original layout page by 

displayed from the video buffer of the user's computer. It replacing at least one of the references to digital images in 

also uses a management tool for setting protection status of the original layout page with references to substitute data, 

images and web pages residing on one or more server ^ There is yet further provided in accordance with a pre- 

computers. ferred embodiment of the present invention a method for 

Ihere is thus provided in accordance with a preferred protecting digital images displayed in a web browser, 

embodiment of the present invention a method for protecting including the steps of displaying a digital image by a web 

digital images distributed over a network, including the browser, the digital image including pixel data, requesting 

steps of receiving a request from a client computer running 45 access to pixel data of the digital image, and in response to 

a network browser, for an original layout page containing the requesting, blocking access to pixel data of the digital 

references to digital images therein, parsing the original image. 

layout page for the references to digital images, generating There is additionally provided in accordance with a 

a modified layout page from the original layout page by preferred embodiment of the present invention a method for 

replacing at least one of the references to digital images in 50 protecting digital images displayed in a web browser, 

the original layout page with references to substitute data, including the steps of displaying a digital image by a web 

and sending the modified layout page to the client computer. browser, the digital image including pixel data, requesting 

There is further provided in accordance with a preferred access to pixel data of the digital image, in response to the 

embodiment of the present invention a method for protecting requesting, intercepting a request to access pixel data of the 

files distributed over a network, including the steps of ss di S ital ima S e > and providing substitute data to pixel data of 

displaying a list of files, generating protection status infer- the digital image in a response to the request to access pixel 

mation in response to selection by a user of at least one of data of the digital image. 

the files in the list of files, and sending the protection status There is moreover provided in accordance with a pre- 

information to a server computer. ferred embodiment of the present invention a system for 

There is yet further provided in accordance with a pre- 60 protecting digital images displayed in a web browser, 

ferred embodiment of the present invention a system for including a web browser displaying a digital image, the 

protecting digital images distributed over a network, includ- digital image including pixel data, a command processor 

ing a receiver receiving a request from a client computer requesting access to pixel data of the digital image, and a 

running a network browser, for an original layout page request blocker, blocking access to pixel data of the digital 

containing references to digital images therein, a layout page 65 image requested by the command processor, 

parser parsing the original layout page for the references to There is further provided in accordance with a preferred 

digital images, a layout page generator generating a modi- embodiment of the present invention a system for protecting 
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digital images displayed in a web browser, including a web FIG. 15 is an illustration of a user interface dialogue box 

browser displaying a digital image, the digital image includ- for setting server parameters within a protection manage- 

ing pixel data, a command processor requesting access to ment tool operative in accordance with a preferred embodi- 

pixel data of the digital image, a request interceptor inter- mcn t G f the present invention; 

cepting a request to access pixel data of the digital image 5 piG. 16 is an illustration of a user interface dialogue box 

received from the command processor, and a data processor for modifying a password for accessing a web server, within 

providing substitute data to pixel data of the digital image in a protection management tool operative in accordance with 

a response to the request to access pixel data of the digital a preferred embodiment of the present invention; 

una 8 c ' FIG. 17 is an illustration of a user interface dialogue box 

BRIEF DESCRIPTION OF THE DRAWINGS 10 for a site list, within a protection management tool operative 

The present invention will be more fully understood and m accordance with a preferred embodiment of the present 

appreciated from the following detailed description, taken in invention; 

conjunction with the drawings in which: FIG. 18 is an illustration of a user interface dialogue box 

FIG. 1 is a simplified illustration of a system for copyright 15 for defining mirror sites, within a protection management 

protection of digital images for use within a distributed tool operative in accordance with a preferred embodiment of 

server-client computing environment, in accordance with a the present invention; and 

preferred embodiment of the present invention; FIG. 19 is an illustration of a virtual directory properties 

FIG. 2 is a simplified flowchart of a method for protecting file residing on a web server computer in accordance with a 

digital images that are distributed within a server-client 20 preferred embodiment of the present invention, 
computing environment, in accordance with a preferred 

embodiment of the present invention; DETAILED DESCRIPTION OF A PREFERRED 

FIG. 3 is a simplified illustration of a management EMBODIMENT 

system, for managing protection of digital images, in accor- ^ t invention conceras prote ction of digital 

dance with a preferred embodiment of the present invention; 25 transmitted over a network from unauthorized copy- 

FIG. 4 is a simplified flowchart of a method for managing mg and use rjnlike prior art methods used to prevent 

digital image protection, in accordance with a preferred software piracy, the present invention enables a user to view 

embodiment of the present invention; an image M ^ web browser without ever receiving original 

FIG. 5 is a simplified illustration of a system for copyright unmodified digital image data, and without being able to 

protection of digital images that are referenced in dynami- 30 save me displayed image on his computer, 

cally generated web pages, in accordance with a preferred Typically, digital images are viewed over the Internet 

embodiment of the present invention; ^ pageSj such ^ hyper-text markup language 

FIG. 6 is a simplified flowchart of a method for protecting (HTML) or extended markup language (XML) pages. Such 

digital images that are referenced in dynamically generated web pages are e i ectr onic data files, stored on server 

web pages, in accordance with a preferred embodiment of 35 computers, containing layout information for displaying text 

the present invention; anc j graphics, and for running software applications such as 

FIG. 7 is a simplified illustration of a system for prevent- j ava applets. Typically, the data for the graphic objects, such 

ing unauthorized copying of digital images within a client as images, displayed within a web page is not contained 

computer, in accordance with a preferred embodiment of the within the web page file itself. Instead, the graphic objects 

present invention; 40 reside elsewhere on the same server computer or other 

FIG. 8 is a simplified flowchart of a method for preventing server computers, and the web page file contains references 

unauthorized copying of digital images within a client to the graphic objects. A reference to a graphic object 

computer, in accordance with a preferred embodiment of the specifies the network address of the computer containing the 

present invention; ^ graphic object, such as an IP address, together with the 

FIG. 9 is a simplified illustration of a system for copyright directory path (relative to a prescribed root directory) and 

protection of digital images residing on a computer that are filename for the graphic object. 

referenced in a web page residing on a different computer; When a web browser in a client computer downloads a 

FIG. 10 is a simplified flowchart of a method for copy- web page file, it parses the web page in order to display it 

right protection of digital images residing on a computer that 5Q on a video monitor. While parsing the web page, the web 

are referenced in a web page residing on a different com- browser encounters the references to graphic objects, and in 

puter; turn downloads the graphic objects. Downloading a web 

FIG. 11 is an illustration of a user interface dialogue box page file and the graphic objects it references is typically 

for adding a new site, within a protection management tool done through the HTTP protocol. Client requests for data on 

operative in accordance with a preferred embodiment of the ss server computers are issued through HTTP requests, and 

present invention; data transmission from server to client is issued through 

FIG. 12 is an illustration of a user interface dialogue box HTTP responses, 

for accessing a site, within a protection management tool After downloading the graphic objects, the web browser 

operative in accordance with a preferred embodiment of the can render the web page with the graphic objects embedded 

present invention; 60 therein, and display it to the user on his video monitor. In 

FIG. 13 is an illustration of a user interface screen for turn, the user can interact with the displayed web page by 

setting protection status, within a protection management clicking on hyper-links to other web pages, or by interacting 

tool operative in accordance with a preferred embodiment of with an application such as a Java applet, 

the present invention; Most web browsers enable a user to view the source for 

FIG. 14 is an illustration of a tool bar within a protection 65 the web page being displayed. For example, they may 

management tool operative in accordance with a preferred contain a menu item "View Page Source" under a "View" 

embodiment of the present invention; heading- In addition, they also enable a user to save images 
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being displayed, by right -clicking on such an image with a the user cannot select it, and the "Print Screen" key on the 

mouse cursor positioned thereover, and selecting a "Save keyboard may be disabled so that when the user presses on 

Image As ... " menu item. Upon selection of the "Save it, nothing happens, and copying of the image by other 

Image As ... " item, the web browser opens an Explorer type software applications may be blocked, 

directory window that enables the user to select a folder and 5 As described in detail hereinbelow, controlling or dis- 

filename for the image being saved. abling the "Save Image As ... " menu option is preferably 

In a preferred embodiment of the present invention, the accomplished by additional software used by the web 

image data that is transmitted from a server computer to a browser through intervention with mouse control functions, 

client computer is encrypted image data that is generated Controlling or disabling the "Print Screen" key on the 

from the original image data by encoding it using an 10 keyboard is preferably accomplished by additional software 

encryption algorithm. In this embodiment, additional soft- used by the web browser through intervention with keyboard 

ware may be required by the web browser in order to decode control functions. Controlling or disabling copying of dis- 

the encrypted data, since a standard web browser typically played image data by other software applications is prefer- 

supports only a limited number of image file formats, such ably accomplished within the Windows operating system by 

as GIF and JPEG, and may not contain the decoder neces- 15 intervention ("patching") with the Windows application 

sary to decrypt the encrypted image data. For the Netscape programming interface (API) functions which copy pixel 

Communicator web browser of Netscape Communications, data from the video buffer of a computer, such as BitBlt, 

Inc. of Mountain View, Calif., such additional software may StretchBlt, PlgBlt, GetPixel and GDI32. 

be a plug-in or a Java applet. For the Internet Explorer web Similarly, controlling or disabling copying of displayed 

browser of Microsoft Corporation of Redmond, Wash., such 20 image data by other software applications is preferably 

additional software may be an Active-X control or a Java accomplished within the Macintosh operating system by 

applet. The additional software is used to decode the using a system extension to intervene with ToolBox func- 

encrypted image data, and render it for display on a video tions. ToolBox calls are managed by an array of pointers in 

monitor. a Trap Dispatch Table, each pointer pointing to appropriate 

When a user attempts to save an image being displayed by 25 program code. As described in more detail hereinbelow, the 

his web browser, the present invention, in a preferred system extension can change these pointers so that they 

embodiment, prevents him from doing so. There are several point to different program code. The different program code 

manners in which a user can attempt to save an image being corresponds to patched ToolBox functions, 

displayed. The user may select the "Save Image As ... " A web server administrator ("webmaster") is responsible 

menu option that appears with right-clicking on the image. 30 for configuring web server software and for managing web 

The user may also attempt to save an image being pages and images stored on a server computer. Typically, the 

displayed by copying the image from his web browser's administrator may wish to protect some of the images from 

cache. Typically, images being displayed by web browsers unauthorized copying or use, and may wish to have other 

are stored temporarily in a local cache on the client com- 35 images unprotected, in accordance with instructions from 

puter. the owners of the images. In a preferred embodiment, the 

The user may also attempt to copy the entire screen by present invention includes a management tool for managing 

pressing a "Print Screen" command key on the keyboard. protection of digital images residing on a server computer. 

Typically, this causes the contents of the video display buffer ^ management tool preferably enables an administrator to 

to be pasted onto the user's clipboard. The user may also ^ selcct specific images to be protected from unauthorized 

attempt to save an image being displayed by running a copying or use as described hereinabove, 

software application outside of his web browser. For Image protection may be specified in several modes, 

example, an image editing application, such as Paint Shop including (i) on an individual image-by-image basis, (ii) on 

Pro of Jasc Software, may have the capability of copying a web page basis, (iii) on a folder basis, and (iv) on a tagged 

images from within web browsers to their own windows. 45 basis, as described hereinbelow. Protection specification on 

For each scenario whereby the user attempts to save an ^ individual image-by-image basis is carried out by select- 
image being displayed by his web browser, additional soft- m S one or more files the management tool, 
ware used by the web browser is operative to prevent the preferably by a user interface that presents an Explorer-type 
image data from actually being saved. In one embodiment, window for navigating through file systems, 
the present invention replaces the image being saved with 50 Protection specification on a web page basis is carried out 
substitute data, so that the user in fact saves a substitute by selecting one or more web page files within the manage - 
image. For example, the substitute image may be an ment tool. Selection of a web page for protection entails 
encrypted image, which the user is unable to view. For protection of all images referenced within the selected web 
another example, the substitute image may be a water- page. In one embodiment of the present invention, such 
marked version of the original image, derived therefrom by 55 referenced images are maintained protected when the same 
composing watermarks over the image. For yet another images are referenced within other web pages. In an alter- 
example, the substitute image may be a prescribed image, nate embodiment of the present invention, such referenced 
possibly unrelated to the image being displayed by the web images are protected only when referenced within web 
browser. Thus when the user selects the "Save Image As . . pages that are protected. 

. " option, or presses the "Print Screen" button, or copies the go Protection specification on a folder basis is carried out by 

image from another software application, the image that is selecting one or more folders within the management tool, 

saved into the local file system or copied to the clipboard is Selection of a folder for protection entails protection of all 

a substitute image. web pages and all images referenced within the selected 

In another embodiment, the present invention disables the folder and, recursively, within all sub -folders thereof, 

user's ability to save an image being displayed, and does not 65 Protection specification on a tagged basis is carried out by 

enable the user to save image data at all. For example, the delineating segments within a web page that axe to be 

"Save Image As . . . " menu option may be disabled, so that protected by protection tags. Specifically, in a preferred 
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embodiment of the present invention, protect and unprotect image referenced within web page 104, using protection 

tags, such as <!protect> and <!/protect>, are used to bound status database 118. It will be appreciated by those skilled in 

segments of layout instructions within a web page, and every the art that protection status database 118 may reside on a 

image referenced within such a segment between the tags is different computer than server computer 100, but when it 

protected Preferably, images referenced between the pro- 5 resides on server computer 100 the system of the present 

lection tags are protected only when referenced between invention can conveniently determine protection status of 

protection tags within web pages, and arc otherwise ™«8J* ™*°ut havm S to retrievc ™ ch ^formation from 

unprotected, unless additional protection has been specified another computer. 

by one of the above modes (individual image-by-image An unprotected image 110 referenced within web page 

basis, web page basis, and/or folder basis). 10 J°* is handled by web server software 102 in the normal 

. fashion. Specifically, neither the reference to unprotected 

In a preferred embodiment of the present invention, the n0 nof uo itself are modifieQ \ However, a 

management tool can be used to change the protection status protected image 108 referenced within web page 104 is 

(protected/unprotected) of images on a server computer handled differently. A modified web page 120 is generated 

from time-to-time. DV a we b p a g e modifier 122. Specifically, the reference to 

In a preferred embodiment of the present invention, the 15 protected image 108 in web page 104 is modified by web 

management tool need not be operated from the server page modifier 122 so as to reference substitute data 124. 

computer that contains the images whose protections are Substitute data 124 preferably corresponds to an image 

being specified. Instead, it can be executed from any com- lnat & visually identical or substantially similar to protected 

puter connected to such server computer via a network. Thus image 108. When substitute data 124 corresponds to an 

a web administrator can remotely set the protections of image that is visually identical to protected image 108, it is 

images on multiple server computers from his own local preferably an encrypted version of the protected image data, 

computer, as long as there is a network connection between i n a preferred embodiment of the present invention, the 

his computer and the multiple server computers. choice of what type of substitute data 124 to use depends on 

Reference is now made to FIG. 1, which is a simplified ^ the owner's preference (e.g. whether or not to display an 

illustration of a system for copyright protection of digital identical version of the protected image) and on the type of 

images for use within a distributed server-client computing web browser 112 issuing the HTTP web page request from 

environment, in accordance with a preferred embodiment of client computer 106. 

the present invention. A server computer 100 typically Specifically, with regard to the type of web browser 112 
includes web server software 102 that serves web pages 104 3Q issuing the HTTP web page request, web browsers 112 may 
to a plurality of client computers 106 over the Internet. Web include software that functions as a substitute data processor 
pages 104 typically contain references to images that are to 126, in the form of a browser plug-in, Java applet or 
be embedded within the pages when the pages are rendered Active-X control. Such a substitute data processor is capable 
on client computers 106. The images referenced in web 0 f rendering an encrypted image, and is also capable of 
pages 104 typically reside on server computer 100, although 35 preventing a user of client computer 106 from copying an 
they may reside on other computers as well. Operation of the image that is displayed by web browser 112. 
present invention when the images reside on other comput- In a pre ferred embodiment of the present invention the 
ers is described below with reference to FIG. 9 and FIG. 10. substitute data processor is not a Java applet, since Java 
Some of the images referenced in web pages 104 are applets are not readily capable of protecting against Win- 
preferably designated as protected images 108, which the ^ dows API calls that access pixel data from the video buffer 
owners desire to protect from unauthorized copying or use. of a computer, as mentioned hereinabove. However, it is 
Others of the images referenced in web pages 104 are apparent to those skilled in the art that as Java capabilities 
designated as unprotected images 110, which the owners are are extended, Java applets may become appropriate for such 
not concerned about protecting from unauthorized copying protection. 

or use. Designation of images as protected or unprotected is 45 when web browser 112 includes substitute data processor 

typically made by the owners of the images. For example, \26 ? substitute data 124 can be encrypted image data, or 

images may be designated as protected images when they 0 tber image data in a format that would not be supported by 

contain significant creative content, and images may be a standard web browser 112 that does not include substitute 

designated as unprotected images when they contain little or d a t a processor 126. Furthermore, when web browser 112 

no creative content, it- being understood that other criteria 50 includes a substitute data processor 126, substitute data 124 

can be used alone or in combination as a basis for distin- can app ear visually identical to protected image 108 when 

guishing between protected and unprotected images. rendered by substitute data processor 126, and yet a user of 

' Client computers 106 typically use web browser software client computer 106 is not able to copy or use it without 

112 to access web pages stored on server computers 100, authorization. 

over the Internet. A web browser 112 requests a web page 55 When web browser 112 does not include substitute data 

104 from a server computer 100 by issuing an HTTP request. processor 126, substitute data 124 should be compatible 

An HTTP request arriving at server computer 100 is pro- with a standard web browser. For example, substitute data 

cessed by web server software 102. 124 can be a standard JPEG image. Alternatively, when web 

In a preferred embodiment of the present invention, an browser 112 does not include substitute data processor 126, 

incoming HTTP request to server computer 100 is routed to 60 substitute data 124 can be encrypted image data if modified 

an HTTP request filter 114. HTTP filter 114 accesses the web page 120 is generated so as to prompt client computer 

requested web page 104 and parses it using a web page to download substitute data processor 126 in order to display 

parser 116, to identify the images that are referenced there- substitute data 124. This is typically the way in which web 

within. Server computer 100 maintains a protection status pages prompt a client computer to download Java applets, 

database 118 that stores a protection status (protected/ 65 Active-X controls within Internet Explorer, and plug-ins 

unprotected) for each image residing on server computer utilizing the Smart Update feature within Netscape Com- 

100. HTTP filter 114 determines the protection status of each municator. 
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In a preferred embodiment of the present invention, the At step 230 the user views the web page he requested. It 
determination of which images on server computer 100 arc is thus appreciated that the present invention enables the 
protected images 108 and which images are unprotected user to view protected images without being able to down- 
images 110 is managed by a protection manager 128 resid- i oa d them to bis computer in unmodified form. Instead, 
ing on a remote computer 130, connected to server computer 5 substitute data is downloaded, such as encrypted image data. 
100 by a network. It will be appreciated by those skilled in lf me determines at step 212 that the 
the art that protection manager 128 may reside on server sted web page does not re f er ence protected images and 
computer 100, but the possibility of it residing on a remote does qq1 haye eclkm ^ ^ HTTP request is 
computer 130 affords greater convenience to an admmistra ; J withoufany parsing. In this case, the 
tor who can men administer server computer 100, and other _ v . . t 3 . r j • . u i 
. . rf io processing is much simpler, and proceeds in the normal 
server computers as well, remotely off-site. ° _ 1t * » r 

_ . r . ' iTtr- „ r u;„u .v o M<\oA manner. Specifically, a modified web page is not generated 

Reference is now made to FIG. 2, which is a simplified , . j « .£ . • .u 

flowchart of a method for protecting digital images that are and subsmute data is not used. Rather, at aep 232 the 

distributed within a server-client computing environment, in unmodified web page is sent to the cheat computer within an 

accordance with a preferred embodiment of the present HTTP response. At step 234 the client computer receives the 

invention. The flowchart is divided into three columns. The 15 HTTP response containing the unmodified web page, and 

leftmost column includes steps performed by a user, the the web browser begins to render the web page. In rendering 

second column from the left includes steps performed by a the web page, the web browser encounters the references to 

client computer, and the rightmost column includes steps unprotected images, and at step 236 the client computer 

performed by a server computer connected to the client issues an HTTP request for the unprotected images to the 

computer over the Internet or such other network of com- 20 web server. At step 238 the server computer receives the 

puters. HTTP request for the unprotected images, and, in response, 

At step 202 the client computer requests a connection to at step 240 the server computer sends an HTTP response 

the server computer. At step 204 the server computer opens containing the unprotected images. At step 242 the client 

a communication socket between the client computer and computer receives the HTTP response with the unprotected 

the server computer. At step 206 the user requests to open a 25 image data, and at step 244 the web browser processes the 

web page using his web browser and, in response, at step unprotected images and renders them with the web page. 

208 the client computer issues an HTTP request for the web M 23() ^ ^ ^ web he requested . It 

page to a web server on the server computer, using the web fa ^ iated tfaat the unprotected image data * dowE1 . 

browser. At step 210 the web server receives the HTTP tQ ^ ^ uter „ modified daUf and * 

request for the web page from the client computer. 3 0 merefore suscept ible to unauthorized copying or use. 

In a preferred embodiment of the present invention, at n c . , . CTr , - . . , . „ . K - , 

. 4 t_ j,L*j* Reference is now made to FIG. 3, which is a simplified 

step 212 the server computer searches a database to deter- .„ 4 4 . c ■ c . 

/ . . ..u u u- *a e illustration of a management system, for managing protec- 

mine whether or not the web page being requested refer- & in accordance ^ a ferred 

ences any protected unages, or has protection tags. If so it embodimen 6 t of lhe present invemion . Remote computer 130 

routes the mcoming HTTP request to an HTTP request ^fito, 35 administers P Q of ^ QQ se(VH £ 100 „ 

as desenbedheremabove with respect to FIG l^TneHTW £ protection status information 

niter applies a web page parser .0 the requested web page ^tecte^i nprotected) within protection status database 

and identifies the images referenced therewi.hin. At step 214 £ g Remote P ute ' r 130 relrieves me information 302 

the server computer generates a modified web page wherein from 3 ^ of ^ ^ 1W ^ Kirieyes 

references to the protected images are replaced with refer- 40 fo ^ t(i 306 from ctioQ sXms database 118. 

ences to substitute data. The substitute data is preferably ? information 302, a user interface 308 displays a 

derived from the protected images. For example the sub- * folder nam we|j ^ names an(J . fik 

stitute data may be encrypted image data, obtained by ^ for ^ ^ 304 

applying an encryption algorithm to the protected image . JL < * e ma . 

data The modified web page is preferably a separate web 45 ^tection settings 306 are used by user interface 308 to 

page generated by a web page modifier, so that the original display an indicator of protection status alongside each 

web page is preserved, as indicated in FIG. 1. Alternatively, folder web page and image. For example, m a preferred 

the substitute references may be incorporated directly into embodiment of the present invention, protection settings 3 06 

the original web page, without generation of a separate are mdicated to a *™ as foUows: 

modified web page. 50 (0 an icon of a padlock is displayed alongside images that 

At step 216 the modified web page is sent back to the are designated as protected, whereas no icon is dis- 

client computer within an HTTP response. At step 218 the P^d alongside images that are designated as unpro- 

client computer receives the modified web page containing tected; 

■ references to substitute data, and the web browser begins to (ii) a dark blue page icon is displayed alongside web 
render the modified web page. In rendering the modified 55 pages all of whose referenced images are designated as 
web page, the web browser encounters the references to the protected, a light blue page icon is displayed alongside 
substitute data, and at step 220 the substitute data processor web pages some, but not all of whose referenced 
within the client computer issues to the web server an HTTP images are designated as protected, and a white page 
request for the substitute data. At step 222 the server icon is displayed alongside web pages none of whose 
computer receives the HTTP request for the substitute data, 60 referenced images are designated as protected; and 
and at step 224 the server sends an HTTP response contain- (iii) a dark blue folder icon is displayed alongside folders 
ing the substitute data to the client computer. At step 226 the all of whose referenced images are designated as 
client computer receives the HTTP response containing the protected, a fight blue folder icon is displayed along- 
requested substitute data, and at step 228 the client computer side folders some, but not all of whose referenced 
processes the substitute data using a substitute data 65 images are designated as protected, and a white folder 
processor, as described hereinabove with respect to FIG. 1, icon is displayed alongside folders none of whose 
and renders the web page. referenced images are designated as protected. 
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Protection settings 306 can be edited by means of user computer displays this information within a user interface of 

interface 308. A user can select one or more images from the protection manager tool 

among the list of image filenames displayed by user inter- At step 418 the user selects one or more folders and/or 

face 308, and set their protection status to protected or web pages, from among a list of folder names and web page 

unprotected. The user can also select one or more web pages 5 file names displayed by the user interface. In response, at 

from among the list of web page file names displayed by step 420 the protection manager computer requests image 

user interface 308, and set their protection status to protected information and protection status information from the 

or unprotected. Setting the protection status of a web page server computer, for the images contained within the 

to protected or unprotected is equivalent to setting the status selected folders and/or for the images referenced within the 

of all the images referenced therewithin to protected or 10 selected web pages. At step 422 the server computer receives 

unprotected, respectively. In one embodiment of the present the request from the protection manager computer, and at 

invention, such images referenced within a protected web step 424 the server computer sends the requested image 

page are treated as protected within any other web page, and information and protection status information to the protec- 

in an alternate embodiment of the present invention, such tion manager computer. As part of step 424 it may be 

images are treated as protected only within protected web 15 necessary for the server computer to parse the selected web 

pages. pages in order to identify the images referenced therewithin. 

Similarly, the user can select one or more folders from Parsing web pages is described hereinabove with reference 

among the list of folder names displayed by user interface to FIG. 1. 

308, and set their protection status to protected or unpro- At step 426 the protection manager computer receives the 

tected. Setting the protection status of a folder to protected 20 image information and protection status information, and at 

or unprotected is equivalent to setting the status of all the step 428 it displays this information within the user interface 

images and web pages within the folder and, recursively, of the protection manager tool. Each folder name, web page 

within all sub -folders thereof, to protected or unprotected, file name and image file name is displayed in the user 

respectively. interface with a corresponding icon alongside that indicates 

After editing protection settings, the user can click on a 25 its protection status. For example, file names of protected 

"submit" button in order to apply the modified protection images are displayed with an icon of a padlock alongside, 

settings on server computer 100- i.e., in order to have the At step 430 the user selects one or more folders, web 

modified protection settings take effect. Clicking on the pages and/or images from the list of folder names, web page 

submit button causes protection settings 306 to be transmit- file names and image file names displayed by the user 

ted from remote computer 130 to server computer 100. 30 interface, and sets their protection status to protected or 

When server computer 100 receives the modified protection unprotected. Setting a protection status for one or more 

settings, it incorporates them into protection status database folders causes such protection status to apply to all of the 

118. Once so incorporated, the modified protection settings images within such folders. Similarly, setting a protection 

take effect, and are used thenceforth to determine the pro- status for one or more web pages causes such protection 

tection status of the images on server computer 100. 35 status to apply to all of the images referenced within such 

In a preferred embodiment of the present invention, after web pages, 

the submit button is clicked and protection status database After editing the protection status of various folders, web 

118 is updated, the modified protection settings 306 are pages and images, the user clicks on a "submit" button to 

indicated in user interface 308 by updated icons, as apply the new protection settings. At step 432, the protection 

described hereinabove. 40 manager computer submits the edited image protection 

Reference is now made to FIG. 4, which is a simplified status information to the server computer. At step 434 the 

flowchart of a method for managing digital image server computer receives the edited protection status 

protection, in accordance with a preferred embodiment of information, and at step 436 the server computer incorpo- 

the present invention. The flowchart is divided into three rates this information into a protection status database. At 

columns. The leftmost column includes steps performed by 45 step 438 the server computer sends the updated protection 

a user, the second column from the left includes steps status information back to the protection manager computer, 

performed by a protection manager computer, and the right- as a confirmation. At step 440 the protection manager 

most column includes steps performed by a server computer. computer receives the updated protection status information 

At step 402 the user launches a protection manager from the server computer, and at step 442 it displays the 

software tool. At step 404 the protection manager computer 50 updated status information in the protection manager user 

initiates connection to a web server on the server computer. interface. 

At step 406 the server computer opens a communication For ease of use, in a preferred embodiment of the present 

socket with the protection management computer. At step invention the protection manager computer displays modi- 

408 the protection manager computer requests file system fied status information upon selection by the user, as soon as 

information from the server computer. The requested file 55 a protect button is pressed, prior to submitting it to the server 

system information includes a site map of the folders and computer. The changes are only sent to the server computer 

files in the server computer's file system, and protection when a submit button has been pressed. In this embodiment 

status information for the folders and files listed in the site steps 438, 440 and 442 need not be performed, 

map. Protection status of folders and files is preferably one Some URL's do not correspond to existing web page files, 

of the following: (i) protected, (ii) partially protected, (iii) 60 but instead contain instructions, such as CGI script instruc- 

pro tected using tags, and (iv) unprotected. tions or Visual Basic instructions, for generating dynamic 

At step 410 the server computer receives the request for web pages, such as active server pages. When a user opens 

file system information, and at step 412 the server computer such an URL, the server computer typically generates a web 

sends the requested information to the protection manager page dynamically, and sends the generated web page to the 

computer. At step 414 the protection manager computer 65 client computer. 

receives the requested file system information from the When web pages are generated dynamically, the server 

server computer, and at step 416 the protection manager computer cannot parse the web page for references to 
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protected images until the web page is generated. However, 
when the server receives an incoming HTTP request to 
generate a web page, it sends the generated web page as an 
outgoing HTTP response back to the IP address of the 
originating HTTP request. In order to be able to modify the 5 
generated web page before sending it to the client, so as to 
replace references to protected images with reference to 
substitute data, the present invention preferably re-submits 
the incoming HTTP request locally from the server com- 
puter to itself in order to be able to intercept the dynamically 10 
generated web page prior to its being sent to the client. 

Specifically, the incoming HTTP request from the client 
computer is routed to an HTTP filter, as described above 
with reference to FIG. 1. However, in distinction to FIG. 1, 
the HTTP filter re -submits the HTTP request from the server ^ 
computer to itself. This ensures that when the server com- 
puter generates the dynamic web page, it will return it to the 
HTTP filter, rather than to the client. When the server 
computer resubmits the HTTP request, it preferably does so 
by passing along any HTTP header information, such as a 20 
cookie, or any POST information in an HTTP POST request. 

Before generating the dynamic web page, in order to 
ensure that the HTTP request originates from HTTP filter, 
rather than from another source, the HTTP filter preferably 
appends an identifier at the beginning of the original HTTP 25 
request, prior to re -submitting the HTTP request. Thus the 
re-submitted HTTP request has an additional identifier in its 
beginning for authentication purposes. 

Preferably, the server computer authenticates the HTTP 
request, based on the identifier in its beginning, before 30 
accepting the request and generating the dynamic web page. 
After authenticating the request, the server computer 
removes the identifier that was appended, and proceeds to 
process the request. If the HTTP request is not authenticated, 
the server computer denies the request and does not proceed 35 
to generate the dynamic web page. 

In a preferred embodiment of the present invention, the 
appended identifier is randomly generated. This serves as a 
preventive measure against extraction and fraudulent use of 
the identifier, since the identifier is constantly being 40 
changed. 

When the server computer authenticates the re-submitted 
HTTP request and, in turn, dynamically generates the web 
page, it sends the web page to the originator of the 
re-submitted HTTP request; namely, to the HTTP filter. 45 
Upon receipt of the web page, the HTTP filter can then parse 
the page to identify the images referenced therewithin, and 
can generate a modified web page in which references to 
protected images are replaced with references to substitute 
data, as described hereinabove with reference to FIGS. 1 and 50 
2. The modified web page is sent back to the client computer 
in an HTTP response. 

Reference is now made to FIG. 5, which is a simplified 
illustration of a system for copyright protection of digital 
images that are referenced in dynamically generated web 55 
pages, in accordance with a preferred embodiment of the 
present invention. Dynamically generated web pages are 
generated by a web server in response to an HTTP request. 
For example, an HTTP request may contain instructions for 
a CGI interpreter. 60 

Similarly, images may also be dynamically generated. 
Examples of dynamically generated images are 

<img src=101.345-56.52/GetImage.asp?image=01> and 

<img src«101.345.56.52/scripts/Getlmage.cgi?image= 
name.jpg>. 65 

Unlike the system illustrated in FIG. 1 where a requested 
web page already resides as an HTML, XML or such other 



,892 B2 

16 

web page file on a server computer, when a client computer 
issacs a request for a dynamically generated web page or a 
dynamically generated image, the request cannot be filtered 
until after it is processed, since only then is the web page or 
the image available. 

In a preferred embodiment of the present invention, 
dynamically generated web pages are handled by re-routing 
an incoming HTTP request from the server computer to 
itself, in order that the dynamically generated web page first 
be processed by an HTTP request filter before being sent to 
the client computer. Specifically, in response to a user 
selecting a URL with a CGI script or such other script, 
client computer 106 issues an HTTP request to server 
computer 100 that includes instructions for generating a web 
page. The HTTP request is indicated by a circle-1 in FIG. 5. 
The incoming HTTP request is routed to a filter 502 for 
processing. Since the requested web page is not available at 
this stage, filter 502 cannot parse or modify the page. 

Instead, filter 502 re-submits the HTTP request to server 
computer 100. In doing so, filter 502 appends an identifier at 
the beginning of the HTTP request, for authentication pur- 
poses. The re-submitted HTTP request is indicated by a 
circle-2 in FIG. 5. When the re-submitted HTTP request 
arrives at server computer 100 it is routed to an authenticator 
504, which authenticates the request based on its appended 
identifier. Once authenticated, the identifier is removed from 
the re-submitted HTTP request, and it is processed by server 
computer 100. In processing the re-submitted HTTP request, 
server computer dynamically generates a web page 506 
using a dynamic web page generator 508. Web page 506 
references one or more protected images 108. 

When web page 506 is generated, server computer 100 
sends it within an HTTP response to the address of the 
originator of the request. The HTTP response is indicated by 
a circle-3 in FIG. 5. Since the re-submitted HTTP request 
originated from filter 502 of server computer 100, the HTTP 
response with web page 506 is sent to server computer 100. 
The response is routed to filter 502 for further processing. 

Filter 502, after receiving the HTTP response with web 
page 506, can proceed to generate substitute data 124, and 
to generate a modified web page 120 using web page 
modifier 122, as is described hereinabove with reference to 
FIG. 1. Modified web page 120 contains a reference to 
substitute data 124, instead of a reference to protected 
images 108. 

Modified web page 120 is included within an HTTP 
response and sent back to client computer 106. The HTTP 
response including modified web page 120 is indicated by a 
circle-4 in FIG. 5. The four indicators, circle-1, circle-2, 
circle-3 and circle-4 taken together illustrate the data flow 
from an original HTTP request to a final HTTP response. 

As mentioned hereinabove, in a preferred embodiment of 
the present invention substitute data 124 can be rendered so 
as to generate images visually equivalent to protected 
images 108, in which case the user can view the content of 
protected images 108 without downloading unmodified pro- 
tected image data to client computer 106. For example, 
substitute data 124 can be encrypted image data. 

Reference is now made to FIG. 6, which is a simplified 
flowchart of a method for protecting digital images that are 
referenced in dynamically generated web pages, in accor- 
dance with a preferred embodiment of the present invention. 
The flowchart is divided into three columns. The leftmost 
column includes steps performed by a user, the second 
column from the left includes steps performed by a client 
computer, and the rightmost column includes steps per- 
formed by a server computer connected to the client com- 
puter over the Internet or such other network of computers. 
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At step 602 the client computer initiates a connection to 
the web server. At step 604 the server computer opens a 
communication socket between the client computer and the 
server computer. At step 606 the user opens a URL for an 
active server page in his web browser, or another such URL 5 
that includes a request for dynamically generating a web 
page. At step 608 the client computer issues an HTTP 
request for an active server page to the server computer. At 
step 610 the server computer receives the request for the 
active server page from the client computer. At step 612 the 1Q 
server computer appends an identifier at the beginning of the 
HTTP request, and at step 614 the server computer 
re-submits the HTTP request to the server computer with the 
appended identifier. At step 616 the server computer 
receives the re -submitted HTTP request and authenticates 
the request based on its appended identifier. If the request is 15 
authenticated, then at step 618 the server computer removes 
the appended identifier from the request, and at step 620 the 
server processes the request and dynamically generates a 
web page that references one or more protected images. 

At step 622 the server incorporates the dynamically 20 
generated web page within an HTTP response and sends it 
to an address of the originator of the HTTP request. 
Specifically, since the HTTP request was re-submitted by the 
server computer at step 614, the server computer is the 
originator of the re-submitted HTTP request and, as such, 25 
the HTTP response containing the web page referencing 
protected images is transmitted to the server computer. It can 
be appreciated that authentication at step 616 is necessary in 
order to control HTTP responses that contain unmodified 
web pages referencing protected image data, so that they are 30 
only transmitted to server computer 100, and not to any 
other computers. 

At step 624 the server computer processes the dynami- 
cally generated web page similar to the processing described 
hereinabove with reference to FIG. 2. Specifically, the server 35 
generates a modified web page having references to substi- 
tute data in place of the references to protected images. At 
step 626 the server computer sends an HTTP response 
including the modified web page to the client computer, and 
at step 628 the client computer receives the HTTP response. 40 
At step 630 the client's web browser renders the modified 
web page and, in doing so, encounters the references to 
substitute data and, in turn, requests the substitute data from 
the server computer. At step 632 the server computer 
receives the request for the substitute data, and at step 634 45 
the server computer sends the substitute data to the client 
computer. At step 636 the client computer receives the 
substitute data, and at step 638 the client computer's web 
browser processes the substitute data and renders it embed- 
ded within the web page. Finally, at step 640 the user views 50 
the web page. 

As described hereinabove, in a preferred embodiment of 
the present invention, when a user views a web page 
containing protected images, the image data sent from a 
server computer to the user's client computer is substitute 55 
data. For example, the substitute data can be encrypted 
image data. This ensures that the user cannot use his web 
browser to save an unmodified version of the protected 
image. Moreover, as described hereinabove, in a preferred 
embodiment of the present invention, software included 60 
within the web browser is used to prevent the user from 
saving a displayed image using the "Save Image As ... " 
option. The "Save Image As ... " selection can be disabled, 
or alternatively it can be modified so that substitute image 
data is provided instead of protected image data. 65 

However, it is apparent to those skilled in the art that in 
order to display a protected image within a web page, at 
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some level within the operating system decoded pixel data 
has to be available. Typically, a video card displaying image 
data on a video monitor stores the image data within a video 
display buffer. As such, even if the image data is encrypted 
when downloaded to the client computer, within the client 
video buffer the data is available as raw pixel data, and at 
some level the encrypted data is decoded before it can be 
displayed. 

Pixel data stored within a video display buffer is suscep- 
tible to unauthorized use or copying, since an operating 
system typically enables a programmer to access data in the 
video display buffer. For example, the Windows operating 
system of Microsoft Corporation of Redmond, Wash., pro- 
vides system functions, such as the familiar BitBlt function, 
for accessing pixel data within the video display buffer. 
Moreover, such operating systems provide high level 
functions, such as the Print Screen function, which serve to 
copy data from the video display buffer to another memory 
buffer, such as a clipboard. Once image data has been copied 
to a clipboard, it can be easily saved and used for unautho- 
rized purposes. 

In a preferred embodiment, the present invention prevents 
a user from using Windows API functions, such as BitBlt, 
StretchBlt, PlgBlt, GetPixel and GD132, to copy protected 
image data, by including software within the user's web 
browser that substitutes other functions for those Windows 
API functions. For example, the software within the user's 
web browser provides a substitute BitBlt function, which is 
invoked instead of the standard system BitBlt function when 
the user issues a command to copy data from the video 
display buffer. The substitute BitBlt function includes spe- 
cial logic for dealing with protected image data, but is 
otherwise identical to the standard system BitBlt function. 
The special logic serves to supply substitute pixel data 
instead of protected image data, so that the data that is 
copied to the user's clipboard is different from the raw pixel 
data of protected images. For example, the special logic can 
compose watermarks and/or a text message onto protected 
image pixel data, or it can encrypt protected image pixel 
data, or it can supply a completely white image instead of a 
protected image. 

By providing a substitute BitBlt function, or such other 
system level function, the present invention prevents unau- 
thorized copying and use of protected image data whenever 
an attempt is made to copy from the video display buffer. 
This includes a user's invocation of the Print Screen 
command, as well as another software application, such as 
an image editing application, running within or external to 
the user's web browser, attempting to copy and paste from 
the video display buffer. 

Reference is now made to FIG. 7, which is a simplified 
illustration of a system for preventing unauthorized copying 
of digital images within a client computer, in accordance 
with a preferred embodiment of the present invention. Client 
computer 106 displays an image accessed over the Internet 
using a web browser. The image may be an unprotected 
image 702 or substitute data for a protected image 704. A 
user issues a command in an attempt to copy the image from 
his video display buffer. For example, the user may press the 
"Print Sera" button on his keyboard, or invoke such other 
screen capture command, in order to copy the data in the 
video display buffer onto his clipboard. For another 
example, the user may try to copy and paste the image from 
his web browser window into a window of another software 
application. 

The user's command invokes an operating system level 
function 706 used to access pixel data within the video 
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buffer of client computer 106. For example, it may invoke In some cases the protected images may not reside on the 
the Windows BitBlt function. Typically, such a function 706 same computer as the web page that references them, and the 
copies pixel data from the video buffer onto a clipboard. filter software that modifies web pages and generates sub- 
In a preferred embodiment of the present invention, stitute image data may not reside on the computer that 
software such as a Netscape plug-in or an Internet Explorer 5 houses the protected images. Thus it may not be possible to 
Active-X control is used to modify operating system func- generate substitute image data on the computer that bouses 
tion 706, by introducing additional programming logic to be the protected images. 

used when attempting to access pixel data from protected In a preferred embodiment of the present invention, the 

images. Modification of operating system function 706 is protected images are first downloaded to the computer that 

preferably accomplished by providing a substitute function 10 houses the web page, so that substitute data can be generated 

of the same name, which supersedes and is invoked instead at such computer. However, this process is preferably care- 

of the standard system function. fully arranged, so as not to compromise the protection of 

When attempting to access pixel data from protected such images. Specifically, the references to the images 

image 704, operating system function 706 routes the request within the web pages should be disguised in aliases, so that 

to an alternate processing unit 708. Alternate processing unit 15 a user cannot identify the protected images and access them 

708 can prevent any copying of pixel data, or it can modify by issuing a direct HTTP request to the computer that houses 

the pixel data so as to watermark or otherwise modify the them. 

protected image. Similarly, alternate processing unit 708 can The computer that houses the web page should preferably 

output pixel data for a pre-determined image, unrelated to also contain a table of aliases, for converting image file 

the protected image. 20 name aliases into IP addresses and true file names. In this 

On the other hand, when attempting to access unprotected way, a user accessing such a web page can only see aliases 

image 702, the additional programming logic is avoided, and for IP addresses of protected images, and cannot access them 

the standard processing is applied. Preferably this is accom- directly. 

plished by calling the standard system level function from Reference is now made to FIG. 9, which is a simplified 

within the substitute function. 25 illustration of a system for copyright protection of digital 

Reference is now made to FIG. 8, which is a simplified images residing on a computer that are referenced in a web 

flowchart of a method for preventing unauthorized copying page residing on a different computer. Client compu ter 106 

of digital images within a client computer, in accordance contains a web browser 112, which issues an HTTP request 

with a preferred embodiment of the present invention. The for a web page from server computer 900. The requested 

flowchart is divided into two columns. The leftmost column 30 web page, 902, resides on server computer 900 (server 

includes steps performed by a user and the rightmost column computer #1), but it references a protected image 904 that 

includes steps performed by a client computer. resides on a different server computer 906 (server computer 

At step 802 the user opens a web page in his web browser. #2). As a result, server computer 900 may not be able to 

At step 804 the client computer renders the web page generate substitute data, such as encrypted image data, for 

including an embedded image. At step 806 the user views 35 protected image 904 until it first downloads protected image 

the web page, and at step 808 the user attempts to copy the 904. 

embedded image by executing a command to copy pixel Moreover, in order to protect image 904 from unautho- 

data of the image from a video buffer to a clipboard. For rized access, the reference in web page 902 to image 904 is 

example, the user may execute the Print Screen or such other done through an alias 908. That is, the reference does not 

screen capture command. 40 specify the IP address and true file name of image 904; 

At step 810, in response, the client computer calls an instead, it specifies an alias 908, which only server computer 

operating system function, such as the Windows BitBlt 900 can interpret. In a preferred embodiment of the present 

function, to extract pixel data from the video buffer and copy invention, server computer 900 maintains a table with 

it to the chpboard. At step 812 control logic passes to a entries that convert each alias 908 for a protected image into 

substitute function, and a test is made as to whether or not 45 an IP address and true file name. 

the image data in the video buffer is protected. If so, then at When server computer 900 receives the HTTP request for 

step 814 processing jumps to step 818 where substitute web page 902 from client computer 106, it parses web page 

program code replaces the requested pixel data with substi- 902 and identifies therewithin an image reference with an 

tute data, and at step 820 the substitute data is returned by alias 908. Server computer 900 deciphers alias 908 to 

the operating system function. If the image data in the video 50 determine the IP address and true file name for protected 

buffer is not protected, then processing jumps to step 816 image 904. Server computer 900 downloads protected image 

following step 812, and the requested pixel data is returned 904 from server computer 906, and uses it to generate 

by the operating system function, as usual. substitute data 910. 

At step 822 the data returned from the operating system Server computer 900 generates substitute data 910, and 

function is written to the clipboard and at step 824 the user 55 generates a modified web page 912 using a web page 

pastes the data from the clipboard into a window of another modifier 914. Web page modifier replaces the reference to 

software application, or saves it into his computer. Since the alias 908 within web page 902 by a reference to 

substitute data was used to replace protected pixel data, the substitute data 910. Modified web page 912 is sent to client 

user is unable to copy unmodified pixel data from the 106 within an HTTP response, and web browser 112 dis- 

protected image. so plays modified web page 912 with substitute data 910 

The system and method described with reference to FIG. embedded therewithin. In a preferred embodiment of the 

1 and FIG. 2 deal with protection of digital images that are present invention, web browser 112 contains a substitute 

located on the same server computer as the web page that data processor 126 that is used to render substitute data 910. 

references them. In such a scenario, the present invention Reference is now made to FIG. 10, which is a simplified 

preferably uses filtering software residing on the server 65 flowchart of a method for copyright protection of digital 

computer to generate substitute image data and a modified images residing on a computer that are referenced in a web 

web page, as described hereinabove. page residing on a different computer. The flowchart is 
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divided into four columns. The leftmost column includes 
steps performed by a user, the second column from the left 
includes steps performed by a client computer, the third 
column from the left includes steps performed by a first 
server computer (server computer #1), and the rightmost 
column includes steps performed by a second server com- 
puter (server computer #2). 

At step 1002 a user opens a URL for a web page in his 
web browser. At step 1004 the client computer issues an 
HTTP request for the web page to server computer #1. At 
step 1006 the first server computer receives the HTTP 
request for the web page. The web page references a 
protected image located on the second server computer, but 
the protected image is not referenced by name. Rather, the 
protected image is referenced by an alias. At step 1008 the 
first server computer looks up the IP address and true file 
name for the protected image, from a table with entries for 
mapping aliases to IP addresses and true file names. 

At step 1010 the first server computer requests the pro- 
tected image data from the. second server computer. At step 
1012 the second server computer receives the request from 
the first server computer, and at step 1014 the second server 
computer sends the protected image data to the first server 
computer. At step 1016 the first server computer receives the 
protected image data from the second server computer, and 
at step 1018 the first server computer replaces the protected 
image data with substitute data. Alternatively, the first server 
computer may generate substitute data and keep the pro- 
tected image data intact, or it may use substitute data that is 
pre-defined image or text data. 

At step 1020 the first server computer modifies the web 
page by replacing references to the aliased image with 
references to the substitute data. At step 1022 the first 
computer sends an HTTP response including the modified 
web page to the client computer. At step 1024 the client 
computer receives the HTTP response with the modified 
web page, and begins to render the web page using its web 
browser. The web browser encounters the reference to the 
substitute data and, in response, at step 1026 the client 
computer requests the substitute data from the first server 
computer. At step 1028 the first server computer receives the 
request for the substitute data, and at step 1030 the first 
server computer sends the requested substitute data to the 
client computer. At step 1032 the client computer receives 
the substitute data, and at step 1034 the client computer web 
browser processes the substitute data in order to embed it 
within the web page. Finally, at step 1036 the user views the 
requested web page with the image embedded, but without 
the protected image data having been downloaded to the 
client computer, and without the identity (i.e., IP address and 
true file name) of the protected image having been disclosed. 
User Interface 

FIGS. 11-18 illustrate a user interface for a software 
management protection tool operative in accordance with a 
preferred embodiment of the present invention. Such a 
management protection tool is described hereinabove with 
reference to FIG. 3 and FIG. 4, and enables an administrator 
to set protection status for images residing on one or more 
web server computers. 

Reference is now made to FIG. 11, which illustrates a user 
interface dialogue box for adding a new site, within a 
protection management tool operative in accordance with a 
preferred embodiment of the present invention. When a user 
launches the protection management tool for the first time, 
a New Site dialogue box, such as the one illustrated in FIG. 
11, opens. The New Site dialogue box can also be opened by 
the user at any later time, whenever he wants to administer 
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a new HTTP site that is not already listed in a site list 
maintained by the protection management tool, by clicking 
on the "New Site . . . " button in the Access Site dialogue box 
illustrated in FIG. 12, or by clicking on the "New . . . " 

5 button in the Site List dialogue box illustrated in FIG. 17. 
The New Site dialogue box prompts the user to identify the 
new site he wishes to administer by entering an IP address 
for the site and a port for the site. A default value of 80 for 
the port is used, since port 80 is the standard HTTP port. The 
user is also prompted to enter an optional alias for the site, 
for quick reference. 

After entering the site identification data, the user can 
click on "OK" to add the site to the site list. He can also click 
on "Cancer to cancel his entries. Clicking on OK or on 
Cancel cause the dialogue box to close. The New Site 

15 dialogue box can also be closed by clicking on the "X" in the 
upper right corner of the dialogue box window, as is 
typically done to close windows in the Windows operating 
system. 

Reference is now made to FIG. 12, which is an illustration 

20 of a user interface dialogue box for accessing a site, within 
a protection management tool operative in accordance with 
a preferred embodiment of the present invention. After the 
user adds a new site to the site list in the New Site dialogue 
box illustrated in FIG. 11, an Access Site dialogue box, such 

25 as the one illustrated in FIG. 12, opens. The Access Site 
dialogue box can also be opened by the user at any time, 
whenever he wants to access sites in the site list, by clicking 
on the "Modify" button in the Site List dialogue box 
illustrated in FIG. 17. The Access Site dialogue box prompts 

30 the user to select a specific site to administer by entering site 
identification information. For ease of use, the user can click 
on the down arrow shown at the right, and in response the 
protection management tool displays a drop-down menu 
with a list of all sites included in the site list. The user can 

35 then select a site from the menu, and the site identification 
information is automatically entered in the dialogue box. 

The Access Site dialogue box also prompts the user to 
enter a password. The password for a site is first set when 
copyright protection software is installed on a web server 

40 computer. At the time of installation, the web administrator 
sets an initial password for the web site, together with other 
server parameters. The web site password can be modified at 
a later time, as described hereinbelow with reference to FIG. 
16. 

45 The user can check the "Save Password" box if he wants 
the protection management tool to save the password he 
enters, for automatic use when he subsequently accesses the 
site. After entering the required data, the user can click the 
"OK"button to access the site, or he can click the "Cancel" 

50 button to cancel his entries. Clicking on OK or on Cancel 
cause the dialogue box to close. The Access Site dialogue 
box can also be closed by clicking on the "X" in the upper 
right comer of the dialogue box window, as is typically done 
for windows in the Windows operating system. 

55 If the user clicks the "OK" button then his password is 
authenticated. If the password is correct, the user is granted 
access to the site, and the main screen illustrated in FIG. 13 
is opened. If the password is incorrect, the user is so notified 
and given a limited number of tries to enter the correct 

60 password. In an alternate embodiment of the present 
invention, the user may be given an unlimited number of 
tries to enter the correct password. 

The Access Site dialogue box also enables the user to 
open the New Site dialogue box illustrated in FIG. 11, by 

65 clicking on the "New Site ..." button- 
Reference is now made to FIG. 13, which is an illustration 
of a user interface screen for setting protection status, within 
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a protection management tool operative in accordance with 
a preferred embodiment of the present invention. The screen 
illustrated is an Explorer-type screen, with a left panel 
displaying hierarchical folder information and a right panel 
displaying image file information. At the left of each dis- 
played folder name is a folder icon, color-coded to indicate 
the protection status (unprotected/partially protected/ 
completely protected) of the folder, as described herein- 
above. 

The toolbar at the top of the screen indicates that the 
leftmost button, "Get List", is selected. A description of the 
toolbar is provided hereinbelow with reference to FIG. 14. 
The file name "index. html" of an HTML page that is in the 
folder/Sample/csafe is highlighted in the left panel of FIG. 
13. The image files referenced within index.html are dis- 
played in the right panel. As shown, they arc files for GIF 
images. The "Status" column within the right panel indicates 
that none of the images listed in the panel are protected, 
since no protection icons appear. The protection manage- 
ment tool enables the user to select one or more of the listed 
images for setting protection. The user selects one or more 
images by clicking on their file names with the mouse, and 
using the "Shift" and "Control" keys to select a contiguous 
group of names or multiple names, respectively, as is the 
well-known standard for Windows operating systems. After 
selecting one or more images, the user clicks on the "Pro- 
tect" button to have protection settings applied thereto. 

In a preferred embodiment of the present invention, the 
"Protect" button toggles the current protection settings, so 
that images that are unprotected become protected, and 
images that are protected become unprotected. In an alter- 
nate embodiment of the present invention, the user interface 
may not permit a user from selecting at one time both images 
that are protected and images that are unprotected, so that 
each application of protection settings either sets the status 
of unprotected images to protected or sets the status of 
protected images to unprotected. 

As described hereinabove, the user can select one or more 
HTML files, to apply protection settings to all images 
referenced therein. The user can also select one or more 
folders, to apply protection settings to all images located 
therein. By navigating through the file system, the user can 
browse the web site being administered with the screen of 
FIG. 13, and select folders, HTML pages and other types of 
web pages, and images to protect or to unprotect. 

Reference is now made to FIG. 14, which is an illustration 
of a tool bar within a protection management tool operative 
in accordance with a preferred embodiment of the present 
invention. The tool bar illustrated in FIG. 14 is the one 
appearing at the top of the screen illustrated in FIG. 13. It 
contains eight buttons, entitled "Get List", "Protect", 
"Tags", "Submit", "Mirrors", "Sites", "Server" and "Help". 
The "Get List" button is used to browse the web site being 
administered using the screen illustrated in FIG. 13 herein- 
above. The "Protect" button is used to apply protection 
settings to one or more selected images, as described here- 
inabove with reference to FIG. 13. 

The Tags button can be used when a user selects one or 
more HTML page file names, to protect images referenced 
within protection tags in the selected HTML, pages. As 
described hereinabove, tags such as <!protect> and 
<!/protect> are used to delineate one or more sections within 
an HTML page, and the images referenced within the tagged 
sections can be protected by selecting the HTML file name 
and clicking on the "Tags" button. In distinction to the 
Protect button which serves to protect all of the images 
within selected HTML pages, the "Tags" button only pro- 
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tects images referenced within the tagged sections of 
selected HTML pages. 

The "Submit" button is used to confirm protection settings 
made by the user, and transmit them to the web server 

5 computer for application. When the user clicks on the 
"Submit" button, the protection settings he edited are sent to 
the web server computer and incorporated into the protec- 
tion status database, as described hereinabove with reference 
to FIG. 3 and FIG. 4. Until the user clicks on the "Submit" 

10 button, the protection settings he edited are only displayed 
within the protection management tool by his local com- 
puter. Only when he clicks the "Submit button are his 
settings actually applied. If the user does not click on the 
"Submit " button, then all of the protection settings he edited 

15 will not take effect, and the protection settings will remain 
at their former state if he closes the screen. 

The "Mirrors" button is used to identify web sites that are 
mirror sites (i.e., identical sites), as described hereinbelow 
with reference to FIG. 18. The "Site" button is used for 

20 updating the list of administered sites, as described herein- 
below with reference to FIG. 17. The "Server" button is used 
to modify server parameter settings, as described hereinbe- 
low with reference to FIG. 15. The server parameters are 
first initialized when the copyright protection software is 

25 installed on the web server computer. 

The "Help" button is used to invoke on-fine help and 
documentation, as is typical for Windows applications. 

Reference is now made to FIG. 15, which is an illustration 
of a user interface dialogue box for setting server parameters 

30 within a protection management tool operative in accor- 
dance with a preferred embodiment of the present invention. 
A Server Settings dialogue box is invoked when a user clicks 
on the "Server" button in the tool bar illustrated in FIG. 14. 
The topmost parameter is the IP address for the web 

35 server. The parameter setting indicated in FIG. 15 specifies 
an IP address of 192.168.139 and a port of 80. The second 
parameter is the root directory for the web server, relative to 
which folder names and file names are specified. The 
parameter setting indicated in FIG. 15 specifies a root 

40 directory of d:/Inetpub/wwwroot. The third parameter is the 
file name of a default web page that is displayed when a 
client first connects to the web server. The parameter setting 
indicated in FIG. 15 specifies a default web page default .htm 
(residing in the root directory). 

45 The fourth parameter specifies what is to be performed 
when a protected image is requested by an unsupported web 
browser. An unsupported web browser is one for which a 
substitute data processor, such as the one indicated in FIG. 
1, is not installed. For such a browser the web server cannot 

50 send substitute data, such as encrypted image data, since the 
browser will not be able to render it. Instead, the web server 
must send an image in a standard format such as JPEG and 
GIF, which the browser can render. 
In a preferred embodiment, the protection management 

55 tool offers three options for dealing with unsupported brows- 
ers: (i) allow protected images to be transmitted without 
protection; (ii) replace tags for protected images with alter- 
nate HTML tags; and (iii) watermark protected images. The 
fourth parameter specifies which of these three options the 

60 user chooses. The parameter setting indicated in FIG. 15 
specifies the third option; namely, that tiled watermarks are 
to be composited onto the protected image, and the resulting 
watermarked image is to be transmitted instead of the 
protected image itself. Preferably, this is the default param- 

65 eter setting. The watermarked image is transmitted in a 
standard image format, such as JPEG and GIF, and, as such, 
it can be displayed by the web browser. 
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Hie fifth parameter indicates the replacement tag to be 
substituted for a reference to a protected image in an HTML 
page, when the client is using an unsupported browser and 
when the second option above is chosen for handling 
unsupported browsers. The parameter setting indicated in 5 
FIG. 15 specifies that the replacement tag to be used is an 
IMG tag with a source file name of /default/Err.gif. 
Preferably, this is the default parameter setting. 

Ihc sixth parameter indicates the image of a watermark to 
be used for watermarking protected images, when the client 10 
is using an unsupported browser and when the third option 
above is chosen for handling unsupported browsers. 
Typically, the watermark image is a small image, and it is 
tiled so that the watermark appears repetitively in a check- 
erboard fashion, or other such fashion, over a protected 15 
image that is watermarked. The parameter setting indicated 
in FIG. 15 specifies that the watermark image is in a file 
named watermark.gif. The seventh parameter indicates the 
saturation, or opacity level, with which the watermark is to . 
be composited over a protected image, when the client is 20 
using an unsupported browser. A saturation of 0.0 is fully 
transparent, and a saturation of 1.0 is fully opaque. The 
parameter setting indicated in FIG. 15 specifies a saturation 
level of 85%. Preferably, this is the default parameter 
setting. The eighth parameter indicates a transparent color 25 
for the watermark; i.e., a color to be treated as background 
and not changed by the watermark. This ensures that back- 
grounds of protected images are not watermarked. The 
parameter setting indicated in FIG. 15 indicates a watermark 
transparent color of white (255). Preferably, this is the 30 
default parameter setting. 

The next three parameters are disabled so that they cannot 
be edited. They indicate the DLL version of the copyright 
protection software, the Netscape version and the ActiveX 
version, respectively. 35 

The twelfth parameter indicates the directory in which 
substitute data, such as encrypted images, are cached for 
efficient re -use upon subsequent requests for the same pro- 
tected images. The parameter setting indicated in FIG. 15 
indicates the directory/cache (relative to the root directory 40 
d:/Inetpub/wwwroot). The thirteenth parameter indicates the 
length of time during which a file is maintained in the cache 
directory. The parameter setting indicated in FIG. 15 indi- 
cates a duration of 1,440 minutes. After this duration a 
cached file is purged from the cache. The fourteenth param- 45 
eter indicates the frequency with which the cache is 
monitored, to determine which files are to be purged from 
the cache. The parameter setting indicated in FIG. 15 
indicates a monitoring frequency of every 1,440 minutes. 

The fifteenth parameter indicates a file name into which a 50 
log file is written. The parameter setting indicated in FIG. 15 
indicates a file name of cSafeLog.txt. This file will receive 
log data for the copyright protection software running on the 
server. The log data may include information such as 
requests for protected image data, the clients making the 55 
requests and the data transmitted to them in response. The 
sixteenth parameter indicates the level of detail to be written 
to the log file. Level zero corresponds to the minimum of 
detail — only critical information, and higher levels corre- 
spond to additional detail. 60 

The seventeenth parameter indicates the e-mail address of 
the administrator of the web server computer, to be con- 
tacted as necessary. For example, the administrator can be 
contacted whenever there is upgraded copyright protection 
software available, or whenever new products are available. 65 

After setting values for the server parameters, the user can 
click on the "OK" button to apply the new parameter 
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settings. The user can also click on "Cancer' to cancel his 
entries. If the user wishes to modify the password for the 
server, he can click on the "Modify Password" button, which 
opens the "Modify Password" dialogue box, as described 
with reference to FIG. 16. 

Reference is now made to FIG. 16, which is an illustration 
of a user interface dialogue box for modifying a password 
for accessing a web server, within a protection management 
tool operative in accordance with a preferred embodiment of 
the present invention. A Modify Password dialogue box is 
invoked when a user clicks on the "Modify Password" 
button in the Server Settings dialogue box illustrated in FIG. 
15. The Modify Password dialogue box prompts the user for 
the typical information used when changing a password. The 
user is prompted to enter the current password, the new 
password and a confirmation of the new password. The user 
may also check a box indicating that the password is to be 
saved by the protection management tool, so that the user 
can subsequently access the web site without having to 
specify the password again (as long as the password remains 
valid). After providing the requested passwords, the user can 
click on the "OK" button to effectuate his change. He can 
also click on the "Cancel" button to cancel his entries. 

In a preferred embodiment of the present invention, the 
protection management tool sets a maximum expiration date 
for a password, thus forcing the user to update his password 
from time to time. 

Reference is now made to FIG. 17, which is an illustration 
of a user interface dialogue box for a site list, within a 
protection management tool operative in accordance with a 
preferred embodiment of the present invention. The "Site 
List" dialogue box is invoked when a user clicks on the 
"Sites" button in the tool bar illustrated in FIG. 14. The Site 
List dialogue box lists all of the sites included in the site list 
used by the protection manager tool. The sites are listed by 
alias name, or by IP address for those sites that do not have 
an alias. 

A user can add a new site to the list by clicking on the 
"New ..." button. A user can modify the settings for a site 
already included in the list by clicking on the "Modify . . . 
" button. A user can delete sites from the site list by selecting 
one or more sites listed in the dialogue box, and clicking on 
the "Delete" button. The "Delete" button is shown disabled 
in FIG. 17, since none of the sites listed are selected. The 
user closes the Site List dialogue box by clicking on the 
"Close" button or on the "X" at the top right corner of the 
dialogue box window. 

Reference is now made to FIG. 18, which is an illustration 
of a user interface dialogue box for defining mirror sites, 
within a protection management tool operative in accor- 
dance with a preferred embodiment of the present invention. 
Mirror sites are identical web sites, used for the purpose of 
proliferating files on multiple server computers, so as to 
balance the processing load over multiple computers, and so 
as to make it easier for users around the world to access files. 
It is the responsibility of web administrators to ensure that 
mirror sites are kept current. 

In a preferred embodiment of the present invention, 
protection settings edited by a user for a specific web site can 
be applied to one or more mirror sites as well, without the 
need for the user to explicitly edit the settings on each 
individual mirror site. The protection management tool 
preferably enables a user to identify sites that are mirror 
sites, and manage their protection settings simultaneously. A 
Mirror Sites dialogue box is invoked when a user clicks on 
the "Mirrors" button in the tool bar illustrated in FIG. 14. 
The Mirror Sites dialogue box is invoked while a user is 
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accessing a specific site, and the information it displays is 
relative to this specific site currently being accessed. 

As shown in FIG. 18, the Mirror Sites dialogue box has 
a left panel indicating sites from among the site list that are 
mirrors of the site being accessed, and a right panel indi- 
cating sites from the site list that are not mirrors of the site 
currently being accessed. The user can click on one or more 
of the sites listed in the right panel to select them, and then 
click on the "<Add to Mirrors" button to make them mirror 
sites of the site being accessed. Clicking on the "<Add to 
Mirrors" button results in the selected sites being moved 
from the right panel to the left panel. 

The user can check a box to update mirrors automatically, 
and then any edits he makes to parameter settings for the site 
currently being accessed will automatically be submitted to 
the mirror sites whenever the user clicks on the "Submit" 
button in the tool bar illustrated in FIG. 14, to submit his 
edits to the web server computer. This mode of automatic 
update results in protection settings being updated incre- 
mentally in mirror sites each time the user edits them in one 
of the sites. However, if one or more edits are not synchro- 
nized with mirror sites, the mirror sites will lose synchro- 
nization and will not regain synchronization as future edits 
are made, even if the future edits are proliferated to the 
mirror sites. This loss of synchronization can happen, for 
example, if one of the mirror sites is not operational at the 
time the user makes his edits to the protection settings or, for 
example, if a mirror site is removed from the list of mirror 
sites. 

The user can check a box to update mirrors automatically, 
and then any edits he makes to parameter settings for the site 
currently being accessed will automatically be submitted to 
the mirror sites whenever the user clicks on the "Submit" 
button in the tool bar illustrated in FIG. 14, to submit his 
edits to the web server computer. This mode of automatic 
update results in protection settings being updated incre- 
mentally in mirror sites each time the user edits them in one 
of the sites. However, if one or more edits are not synchro- 
nized with mirror sites, the mirror sites will lost synchroni- 
zation and will not regain synchronization as future edits are 
made, even if the future edits are proliferated to the mirror 
sites. This loss of synchronization can happen, for example, 
if one of the mirror sites is Dot operational at the time the 
user makes his edits to the protection settings or, for 
example, if a mirror site is removed from the list of mirror 
sites. 

In order to bring mirror sites up-to-date with a site 
currently being accessed, the Mirror Sites dialogue box also 
has a button for sending the current settings to the mirror 
sites. Clicking on this button causes all of the protection 
settings to be sent to the mirror sites listed in the left panel, 
and not merely the incremental edits that the user made. This 
serves to re-synchronize the mirror sites with the site cur- 
rently being accessed, and ensures that the protection set- 
tings are the same at the mirror sites and the site currently 
being accessed. 

Sending all of the protection settings to mirror sites 
typically requires a lot of bandwidth. If only a few of the 
mirror sites need to be re-synchronized, the user can tem- 
porarily move the other mirror sites from the left panel to the 
right panel, send the current protection settings to 
re-synchronize the mirror sites remaining in the left panel, 
and then move the other mirror sites from the right panel 
back to the left panel. This reduces the number of sites to 
which the protection settings have to be transmitted. The 
Mirror Sites dialogue box can be closed by clicking on the 
"Close" button, or by clicking on the "X" at the upper right 
hand corner of the dialogue box window. 
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Reference is now made to FIG. 19, which is an illustration 
of a virtual directory properties file residing on a web server 
computer in accordance with a preferred embodiment of the 
present invention. The virtual directories property file is a 

5 text file named VirtualDirectories.properties, preferably 
used by the web server to (i) protect images in dynamically 
generated web pages, and (ii) protect images residing on 
other server computers. This file contains the names of 
directories in which dynamically generated pages and/or 

10 dynamically generated images are stored, along with a 
protection status identifier for such directories. Protection 
status identifiers include PROTECT, TAGS and ACCES- 
SIBLE. PROTECT indicates that the pages and images in 
the directory are protected. TAGS indicates that only images 

15 referenced within protect tags of HTML pages in the direc- 
tory are protected. ACCESSIBLE indicates that the pages 
and images in the directory are unprotected. 

Hie file illustrated in FIG. 19 indicates that a directory 
named/cgi-birV (relative to the root directory) is assigned 

20 PROTECT status. Thus pages and images in /cgi-bin/ that 
are dynamically generated will be protected. FIG. 19 also 
indicates that a directory named/scripts/ (relative to the root 
directory) is assigned TAGS status. Thus pages in /scripts/ 
that are dynamically generated will be protected to the 

25 extent that images referenced within their protect tags are 
protected. 

FIG. 19 also indicates an alias for images on another 
server computer that are to be protected. The alias is 
/Ipis.htm?, and the true address is http:// 

30 101.34556.52:8081/. Thus /lpis.htm and /lpisiitml are inter- 
preted by the web server as aliases for the root directory of 
the web server with IP address 101.345.56.52 and port 8081. 

The VirtualDirectories.properties file is manually or auto- 
matically edited by a user whenever he wishes to protect 

35 dynamically generated web pages, dynamically generated 
images, and images residing on another server computer. 
Implementation Details 

In a preferred embodiment of the present invention, when 
the client web browser has installed a substitute data pro- 

40 cessor such as a Netscape SmartUpdate or plug-in, or an 
Internet Explorer ActiveX control, as indicated in FIG. 1, the 
substitute data used for protected images are encrypted 
images. That is, (i) protected images are encrypted on the 
web server computer, using an encryption algorithm and an 

45 encryption key as is well known to those skilled in the art; 
(ii) references to the protected images are replaced with 

» references to encrypted images in the HTML pages that 
reference the protected images, and (iii) the encrypted 
images are transmitted from the web server to client com- 

50 pulers. The client computers use substitute data processing 
software to decode the encrypted images and to render them 
for display on a video monitor. 

In order for this to work, it is necessary for the substitute 
data processor on the client computer to know the encryp- 

55 tion algorithm being used by the web server and the encryp- 
tion key. This presents a potential security hole, in that 
someone could decipher this encryption information from 
the substitute data processor by reverse engineering, and use 
it for stealing copyright protected images. 

60 In a preferred embodiment of the present invention, the 
web server regularly changes the encryption key, and pos- 
sibly also the encryption algorithm. When each such change 
is made, the server computer transmits updated substitute 
data processing software to each registered client computer, 

65 as soon as such client computer connects to the server. This 
ensures that the encryption key, and possibly also the 
encryption algorithm, are changed regularly, thus thwarting 
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attempts to steal copyright protected images by reverse 
engineering substitute data processors. Preferably these 
updates arc done frequently enough so that the duration 
between updates is likely to be less than the time it typically 
takes to discover the encryption information by .reverse 
engineering. 

In a preferred embodiment of the present invention, each 
client that downloads a substitute data processor from a 
server computer is registered in a user database. This makes 
it possible to keep track of clients and send them updated 
software automatically. Alternatively, version information 
for a substitute data processor in a client computer may be 
stored in a "cookie," or other such file used by web servers 
to identify client information. Using the cookie, a web server 
can automatically determine if a client is using out-dated 
software, and, if so, automatically update the client software. 
Yet another alternative is for the web server to do nothing, 
in which case the client software will no longer be able to 
render encrypted images after the encryption key and/or 
algorithm is updated, and the user will have to download 
updated software at his own initiative. 

What follows is a detailed description of a preferred 
embodiment of the present invention, as it operates to block 
screen capture utilities within a Macintosh operating system. 

For the Macintosh operating system, a plugin for 
Netscape and Internet Explorer is preferably used. The 
plugin consists of three parts — the plugin proper, a system 
extension (also referred to as IN1T) and an executable client 
library. The system extension and the client library are 
downloaded from a web server as needed, as described 
hereinbelow. 

The plugin is preferably placed in the Netscape or Internet 
Explorer Plugins folder. The system extension and the client 
library are preferably installed into the Extensions Folder in 
the System folder of the user's boot disk. The system 
extension is an invisible file, and contains an INIT resource 
that "patches" system calls at boot time as needed, in order 
to enable the plugin to circumvent screen capture programs. 

Preferably, the system extension does not do processing 
itself, but instead calls the plugin, which in turn sends a 
patch through to the client library. The client library is 
preferably a MacOS shared library, and contains program- 
ming code for patches and for rendering images onto a 
screen. The provides the capability to update code without 
downloading the entire plugin. 

In order to view protected images, a user is first required 
to download the plugin and INIT. A user then runs an 
installation program to install the plugin into the Netscape 
Navigator Plugins folder or the Internet Explorer Plugins 
Folder. The user reboots his computer in order for the INIT 
to apply its system patches. 

When the plugin is activated, it preferably reads a con- 
figuration file to determine if the client library or system 
extension needs up be updated. If the configuration file is 
missing, or if the current date and time is greater than the 
next update check time in the configuration file, the plugin 
downloads a new configuration file that .specifies the latest 
version of the client library and the system extension. If the 
current version of the client library and/or the system 
extension on a client computer is not the latest version, then 
the plugin downloads the latest version of the client library 
and/or the system extension. 

Preferably the configuration file includes (i) a date for 
next update check, (ii) a client library version number, (iii) 
a system extension version number, (iv) a list of capture 
application types, (v) a list of capture control panels and 
extensions, (vi) a list of resource types, and (vii) a list of 
non-blockable control panels and extensions. 
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The format for the date is of the form: 
Wed Aug. 18 13:22:04 1999 

The version numbers are preferably in MacOS binary 
coded decimal version format, of the form: 
M.m.b.srr 

where M is the major version number, m is the minor 
version number, b is the bug fix number, s is the stage (d, a, 
b or f and rrr is the release number. 

Except for the list of resource types, all list entries have 
the following three-line structure: 

line 1 — Name of utility/application 

Line 2 — 4 character file type, 4 character creator type, 4 
character resource type (packed) 

Line 3 — hex characters of pattern to match 

Line 1 includes the name of the utility. This line is 
preferably only used by the list of non-blockable control 
panels and extensions. For other lists, the name "Unused" is 
inserted. Line 2 contains three 4-character codes used to 
identify capture applications and utilities. The first two 
codes are the file type and creator type, and the third code 
is a resource type. Line 3 contains hex codes for a pattern to 
match in the resource map of the file. If no hex pattern is 
used, a single carriage return is included. 

An example of a configuration file is as follows: 

Wed Aug, 18 13:22:04 1999 

1.0.0a2 

1.0.0a2 

Capture AppsBegin 
Unused 
APPLc2gfc2gf 
Unused 

APPLCmApCmAp 
43616D6572614D616E 

Unused 

APPLLu§»Lu§» 
Unused 

APPLSnpTSnpT 
536E617073686F7420496E666F 

Unused 

APPLSNAPSNAP 

53637265656E536E6170 

CaptureAppsEnd 

CaptureUtilsBegin 

Unused 

CdevSnp2Snp2 

536E61707A 

Unused 

CdevshOTshOT 
53637265656E53686F74 

Unused 

CdevexPRexPR 

4578706F737572652048657973 

Unused 

CdevCaptCapt 

CaptureUtilsEnd 

ResT^pesBegin 

STR# 

ShOT 

ShOT 
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ShOT 
CURS 

RcsTypcsEnd 
AbortTypesBegin 
Applctalk Control Panel 
Cdevatdvatdv 

6B5377697463684170706C6574616C6B444C4F47 
AbortTypcsEnd 

When it encounters a file name, the web browser normally 10 
identifies a type of content, and pushes the file to an 
appropriate plugin. However, in the present invention the 
parameters passed to the plugin provide only encrypted 
names for protected image files, and, as such, the web 
browser typically cannot determine a content type from the 15 
file name. Instead, the plugin decrypts the name and initiates 
the download itself. This prevents others from accessing 
protected images directly. Downloaded protected image files 
arc encrypted, and the library decrypts them before they are 
used. 20 

MacOS uses file types and creator types to identify files 
and the applications that created them. The list of capture 
applications from the configuration file is used by the plugin 
in conjunction with creator types to determine relevant 
applications to be -aware of for ensuring copyright protec- 25 
tion. If such a capture application is launched or running, the 
plugin preferably hides its images. 

Similarly, the list of capture control panels and extensions 
from the configuration file is used by the plugin in conjunc- 
tion with the list of resource types to determine if a non- 30 
application executable, such as an extension or control 
panel, is about to invoke a screen capture. 

The system extension loads itself into memory at boot 
time. It looks in the System Folder, Extensions Folder, 
Control Panels Folder and the Start Up Items folder, for 35 
items of type INIT, cdev, APPC, appe and APPL, which are 
INITs, control panels, new control panels, applications and 
application extensions. For each of these folders, the system 
extension creates an information list that includes a copy of 
the resource map for each such item found. The information 40 
list is used by the plugin to locate "show stoppers;" i.e., 
utilities that cannot be blocked by known methods. 

The system extension patches the following traps: 
OpenPicture, CiosePicture, Copy Bits, InitGraf, GetRe- 
source and SetFilelnfo. 45 

A typical way for a capture utility to implement screen 
capture is by creating a MacOS Picture, similar to a Win- 
dows meta-file. Such a capture utility calls OpenPicture( ), 
CopyBits(screen,dest) and ClosePicture( ), to create a PICT 
file or to put the data on the global clipboard in PICT format. 50 
If the plugin is running, the system extension patch for 
OpenPicture( ) sets a flag so that the system extension patch 
for CopyBits( ) knows that OpenPicture( ) was previously 
called. 

The system extension patch for CopyBits( ) is preferably 55 
a head patch; i.e., the patch is applied and then the conven- 
tional system CopyBits( ) is called. The system extension 
patch for OpenPicture( ) preferably calls the plugin to update 
rectangles of the instances, and to set a flag to indicate to the 
system extension that the patch for CopyBits( ) should be 60 
used. The system extension patch for CopyBits( ) uses the 
rectangles and erases them on screen, so that the conven- 
tional CopyBits( ) call does not gain access to unmodified 
protected images. The patch for CopyBits( ) sets a flag 
indicating that the plugin should re-draw the images. 65 

Preferably, the plugin identifies screen capture utilities 
using two methods: (i) by file type and creator, and (ii) by 
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the resource map of the file. When used together, these two 
methods provide a more robust way to identify files than 
does either of them alone. A Macintosh file includes two 
forks — a resource fork, and a data fork. The resource fork 
includes data that can be changed independently of the 
executable code; for example, strings, icons and dialogue 
boxes. 

When the resource fork for a file is opened, an index of 
the fork, referred to as a resource map, is read into RAM by 
the resource manager. The resource map includes informa- 
tion about resources in the file. Resource maps are chained 
in a linked list — as each file in the chain is opened, a new 
map is added to the chain. A descriptor for the creator of a 
file is typically stored in a signature resource in the file. The 
signature resource is part of a group of resources that enables 
the operating system to associate icons and files with the 
creator type. This information can be used by a patch for 
GetResource( ) to identify a screen capture utility that is 
running. The resource map can be searched for the signature 
resource. If it can be found, then the capture utility can be 
identified. 

The resource type (the third 4-character code in line 2) can 
also be used to identify a screen capture utility. The hexa- 
decimal string (line 3) can also be used. 

It is noted that the resource map cannot be used during 
idle time to identify capture utilities that are applications. 
The reason for this is that when the plugin is trying to 
identify capture applications during idle time, the resource 
map for the capture application is not in an available chain. 
To overcome this, the present invention preferably uses the 
system extension patch for InitGraf( ) to grab application 
resource maps as each application is launched. When the 
system extension starts up, it allocates a table to store 512 
resource maps. When an application is launched, the patch 
for InitGraf( ) is called, and the system extension stores the 
current resource map in one of the 512 entries. When the 
application is closed, the resource map is removed from the 
table. The table is accessible to the plugin, and when the 
plugin is running it examines the table to see if there is a 
signature resource or other identifying trait. If so, then the 
plugin can determine if a capture application is running, and 
can hide protected images. The choice of 512 for the size of 
the table for the resource maps is arbitrary, but has been 
found to be adequate. 

Because searching for utilities installed on a client com- 
puter is time consuming, the system extension preferably 
does the search at startup time, and stores information about 
each INIT, cdev, APPC, appe and APPL file type in the 
System Folder, Extensions Folder, Startup Folder and Con- 
trol Panels folder. If instead the plugin was to do the search, 
then the search would have to be carried out each time the 
plugin is instantiated. 

The system extension makes the information about the 
extensions and control panels available to the plugin via 
shared memory, and the plugin can quickly scan the list for 
installed items that cannot be blocked. 
Additional Considerations 

In reading the above description, persons skilled in the art 
will realize that there are many apparent variations that can 
be applied to the methods and systems described. For 
example, although the present invention has been described 
with respect to digital images, it applies to copyright pro- 
tection of other forms of multi-media referenced in web 
pages as well, such as audio files, video files and slide 
shows. In each case, substitute data can be used so that a user 
can play or view the multi-media within the web page 
without downloading an unmodified version of it into his 
computer. 
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For another example, the present invention can be applied 
to copyright protection of text contained in web pages. 
Currently, text contained in web pages can be copied by 
simply selecting a section of text by dragging a mouse 
pointer thereover, and invoking a "Copy" command. The 
copied text can then be pasted onto a word processing 
application by invoking a "Paste" command. 

By converting the text data into one or more images and 
designating the one or more images as being protected, the 
present invention can be used to prevent unauthorized 
copying of text from a web page. 

For another example, the present invention can be inte- 
grated with transaction software so that protected images 
can be purchased on-line. Specifically, when a user positions 
a mouse pointer over a protected image and right clicks on 
the mouse, a transaction menu can be popped up with one or 
more selections for purchasing the protected image. Select- 
ing an option to purchase the image can trigger e -commerce 
transaction software. Thus when a user tries to save the 
image using the standard "Save Image As ... " command, 
he is notified that the image is copyright protected and 
presented with an opportunity to purchase the image. Selec- 
tions for purchasing the image can include purchasing one or 
more hardcopy prints of the image, purchasing apparel, such 
as clothing, containing the image, and purchasing an elec- 
tronic version of the image. 

In the foregoing specification, the invention has been 
described with reference to specific exemplary embodiments 
thereof. It will, however, be evident that various modifica- 
tions and changes may be made to the specific exemplary 
embodiments without departing from the broader spirit and 
scope of the invention as set forth in the appended claims. 
Accordingly, the specification and drawings are to be 
regarded in an illustrative rather than a restrictive sense. 

What is claimed is: 

1. A method for protecting digital images displayed in a 
web browser, comprising: 

displaying a digital image, the digital image comprising 
pixel data; 

issuing a request to access pixel data of the digital image 
by invoking instructions for accessing pixel data; 

intercepting the request to access pixel data of the digital 
image; causing program logic of the instructions to 
jump to logic for substitute instructions; and 

providing substitute data for pixel data of the digital 
image. 

2. The method of claim 1 wherein said requesting access 
is invoked by a keyboard. 

3. The method of claim 1 wherein said requesting access 
is invoked by a mouse. 

4. The method of claim 1 wherein said requesting access 
is invoked by a software application. 

5. The method of claim 1 wherein said requesting access 
uses a save-as command. 

6. The method of claim 1 wherein said requesting access 
uses a screen capture command. 

7. The method of claim 6 wherein the screen capture 
command is a Print Screen command. 

8. The method of claim 1 wherein said requesting access 
uses a copy command. 

9. The method of claim 1 wherein said requesting access 
uscss a command for copying data to a clipboard. 

10. The methods of claim 1 wherein the instructions are 
a Windows BitBlt function. 

11. A system for protecting digital images displayed in a 
web browser, comprising: 

a software application displaying a digital image, the 
digital image comprising pixel data; 
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a command processor issuing a request to access pixel 
data of the digital image by invoking instructions for 
accessing pixel data; 

a request interceptor intercepting the request to access 
pixel data of the digital image received from said 
command processor and causing program logic of the 
instructions to jump to logic for substitute instructions; 
and 

a data processor providing substitute data for pixel data of 
the digital image. 

12. The system of claim 11 wherein said command 
processor is invoked by a keyboard. 

13. The system of claim 11 wherein said command 
processor is invoked by a mouse. 

14. The system of claim 11 wherein said command 
processor is invoked by a software application. 

15. The system of claim 11 wherein said command 
processor is invoked by a save-as command. 

16. The system of claim 11 wherein said command 
processor is invoked by a screen capture command. 

17. The system of claim 16 wherein the screen capture 
command is a Print Screen command. 

18. The system of claim 11 wherein said command 
processor is invoked by a copy command. 

19. The system of claim 11 wherein said command 
processor is invoked by a command for copying data to a 
clipboard. 

20. The system of claim 11 wherein the instructions are a 
Windows BitBlt function. 

21. A method for protecting digital images displayed in a 
web browser, comprising: 

displaying a digital image, the digital image comprising 
pixel data; 

issuing a request to access pixel data of the digital image 
by invoking a Macintosh ToolBox function for access- 
ing pixel data; 

intercepting the request to access pixel data of the digital 
image; 

causing program logic of the Macintosh ToolBox function 
to jump to logic for substitute instructions; and 

providing substitute data for pixel data of the digital 
image. 

22. A method for protecting digital images displayed in a 
web browser, comprising: 

displaying a digital image, the digital image comprising 
pixel data; 

issuing a request to access pixel data of the digital image 
by invoking instructions for accessing pixel data; 

intercepting the request to access pixel data of the digital 
image; 

changing a pointer pointing to the instructions to point to 

substitute instructions; and 
providing substitute data for pixel data of the digital 

image. 

23. The method of claim 22 wherein the pointer is an entry 
within a Macintosh Trap Dispatch Table. 

24. The method of claim 22 wherein the substitute instruc- 
tions are a patched Macintosh ToolBox function. 

25. A method for protecting digital images displayed in a 
web browser, comprising: 

displaying a digital image, the digital image comprising 
pixel data; 

issuing a request to access pixel data of the digital image 
by invoking instructions for accessing pixel data; 

intercepting the request to access pixel data of the digital 
image; 
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executing substitute instructions; and 
providing substitute data for pixel data of the digital 
image. 

26. The method of claim 25 wherein the instructions are 
a Windows BitBlt function and the substitute instructions are 
a patched Windows BitBlt function. 

27. A system for protecting digital images displayed in a 
web browser, comprising: 

a software application displaying a digital image, the 
digital image comprising pixel data; 

a command processor issuing a request to access pixel 
data of the digital image by invoking a Macintosh 
ToolBox function for accessing pixel data; 

a request interceptor intercepting the request to access 
pixel data of the digital image received from said 
command processor and causing program logic of the 
Macintosh ToolBox function to jump to logic for sub- 
stitute instructions; and 

a data processor providing substitute data for pixel data of 20 
the digital image. 

28. A system for protecting digital images displayed in a 
web browser, comprising: 

a software application displaying a digital image, the 

digital image comprising pixel data; 
a command processor issuing a request to access pixel 

data of the digital image by invoking instructions for 

accessing pixel data; 
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a request interceptor intercepting the request to access 
pixel data of the digital image received from said 
command processor, and changing a pointer pointing to 
the instructions to point to substitute instructions; and 

a data processor providing substitute data for pixel data. of 
the digital image. 

29. The system of claim 28 wherein the pointer is an entry 
within a Macintosh Trap Dispatch Table. 

30. The system of claim 28 wherein the substitute instruc- 
tions are a patched Macintosh ToolBox function. 

31. A system for protecting digital images displayed in a 
web browser, comprising: 

a software application displaying a digital image, the 
digital image comprising pixel data; 

a command processor issuing a request to access pixel 
data of the digital image by invoking instructions for 
accessing pixel data; 

a request interceptor intercepting the request to access 
pixel data of the digital image received from said 
command processor and executing substitute instruc- 
tions; and 

a data processor providing substitute data for pixel data of 
the digital image. 

32. The system of claim 31 wherein the instructions are a 
Windows BitBlt function and the substitute instructions are 
a patched Windows BitBlt function. 
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